Release Date: 13/03/2022 | Issue: 128
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
🔥The week of vulnerabilities🔥
It was a challenging week for the cloud providers, as 7 out of 12 of this week's articles are about newly discovered vulnerabilities! 😣
While Azure was the one hit hardest, GCP and AWS had their share of vulns too. Maybe that's why Google decided to bolster GCP's capabilities by acquiring Mandiant?
Sponsor

Interested in beta testing a new Cloudflare security product?
Cloudflare is excited to share a new opportunity to try out one of our latest platform additions, Cloudflare CASB. This new product gives IT and security teams a ridiculously easy way to connect their SaaS apps - like Google Workspace and Microsoft 365 - and scan them for critical security issues and risks, like misconfigurations, insecure file sharing, and shadow IT.
Sound like something that could help at your organization? Please visit and submit our beta access form to get started!

This week's articles


CVE-2022-0847 (aka Dirty Pipe): What does it mean for defenders
A quick summary and actionable advice for defenders of cloud environments and those teams who are asked to determine the impact of CVE-2022-0847 on their company's infrastructure.   #attack   #aws   #azure   #containers   #defend   #gcp
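
One thing a defender asked to "determine the impact" will want is a quick way to classify the kernel releases reported by their fleet. The following is an added example, not code from the linked post: it encodes the upstream facts about CVE-2022-0847 (introduced in 5.8; fixed in 5.16.11, 5.15.25 and 5.10.102, and in mainline from 5.17-rc6) and applies them to `uname -r` strings. The hostnames and release strings in SAMPLE_FLEET are constructed. The important caveat is built into the verdicts: distributions backport fixes without bumping the upstream version (a Debian 11 kernel reports itself as 5.10.0-13-amd64 whatever its actual 5.10.x level), so "vulnerable" here means "check the distro advisory", not "confirmed exploitable".

```python
"""Classify Linux kernel release strings against CVE-2022-0847 (Dirty Pipe).

Upstream facts used: the bug was introduced in 5.8 and fixed in the stable
releases 5.16.11, 5.15.25 and 5.10.102, and in mainline from 5.17-rc6.
Stable branches that were already end-of-life (5.8, 5.9, 5.11 to 5.14)
never received the fix upstream.

Caveat: distributions backport fixes without changing the upstream version
in `uname -r`, so a "vulnerable" verdict means "consult the distro advisory",
not "confirmed exploitable".
"""
import re
from typing import Dict, Iterable, List, Tuple

INTRODUCED = (5, 8)        # first affected branch
FIXED_MAINLINE = (5, 17)   # 5.17 and later carry the fix
# Minimum patched release per still-maintained stable branch.
FIXED_STABLE = {(5, 10): 102, (5, 15): 25, (5, 16): 11}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a `uname -r` string.

    Distro suffixes such as "-13-amd64" or "-1021-azure" are ignored and a
    missing patch level is treated as 0. Release candidates are not
    distinguished ("5.17.0-rc6" parses as 5.17.0), which is fine for
    5.17-rc6 and later but would misclassify rc1 to rc5.
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release: str) -> str:
    """Return 'not_affected', 'patched' or 'vulnerable' for one kernel release."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED or branch >= FIXED_MAINLINE:
        return "not_affected"
    if branch in FIXED_STABLE and patch >= FIXED_STABLE[branch]:
        return "patched"
    # Either an EOL branch that never got the fix, or a maintained branch
    # below the fixed release. Distro backports may still have fixed it.
    return "vulnerable"


def triage_fleet(hosts: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> status for an iterable of (hostname, `uname -r`) pairs."""
    return {host: dirty_pipe_status(release) for host, release in hosts}


# Constructed sample inventory (hostnames and kernels are made up).
SAMPLE_FLEET: List[Tuple[str, str]] = [
    ("web-01", "5.10.0-13-amd64"),      # Debian-style string: version hides backports
    ("build-02", "5.16.11-arch1-1"),    # first fixed 5.16 release
    ("db-03", "4.19.0-18-amd64"),       # predates the bug
    ("k8s-node-04", "5.15.24-1-lts"),   # one release short of the fix
    ("legacy-05", "5.11.0-49-generic"), # EOL branch, never fixed upstream
    ("lab-06", "5.17.0-rc6"),           # mainline with the fix
]

if __name__ == "__main__":
    for host, status in triage_fleet(SAMPLE_FLEET).items():
        print(f"{host:12} {status}")
```

Run against the constructed inventory, web-01 is reported as vulnerable purely on the version string; that is the case where the operator has to go to the distribution's advisory (or the changelog of the installed kernel package) before deciding anything.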


AutoWarp Microsoft Azure Automation Vulnerability
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.   #attack   #azure


Escalating from Logic App Contributor to Root Owner in Azure
Having Contributor access to an Azure Resource Manager (ARM) API Connection would allow you to create arbitrary role assignments as the connected user. This was supposed to be limited to actions at the Resource Group level, but an attacker could escape to the Subscription or Root level with a path traversal payload.   #attack   #azure


Abusing Family Refresh Tokens for Unauthorized Access and Persistence in Azure Active Directory
Undocumented functionality in Azure Active Directory allows a group of Microsoft OAuth client applications to obtain special "family refresh tokens", which can be redeemed for bearer tokens as any other client in the family.   #attack   #azure


Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration
This post covers how a malicious actor can conduct lateral movement in Google Cloud across Compute Engine instances using the default service account.   #attack   #gcp
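
The misconfiguration the post is about has two ingredients: the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com, which historically holds the project-wide Editor role) attached to an instance, and an access scope broad enough to reach the Compute API (cloud-platform, or compute). With only the default narrow scopes, a token fetched from the metadata server of a compromised instance cannot touch other instances; with cloud-platform and Editor it can. The following audit is an added example, not the post's code: it scores the records produced by `gcloud compute instances list --format=json` on exactly that combination. The sample instances JSON is constructed, and the check deliberately covers only the default account pattern; a custom service account can of course be over-privileged too, which this does not detect.

```python
"""Flag Compute Engine instances exposed to default-service-account lateral movement.

Public GCP behaviour relied on here:
  * the default Compute Engine service account is named
    PROJECT_NUMBER-compute@developer.gserviceaccount.com and is commonly
    bound to the project-wide Editor role;
  * the instance's OAuth access scopes cap what a metadata-server token can
    call. The default scope set is narrow (storage read-only, logging and
    monitoring write, ...); "cloud-platform" removes the cap and "compute"
    opens the Compute API, which is enough to modify sibling instances.
Input format is that of `gcloud compute instances list --format=json`.
"""
import json
import re
from typing import Dict, List

DEFAULT_COMPUTE_SA_RE = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")

# Scopes that let a token reach the Compute API (cloud-platform reaches everything).
DANGEROUS_SCOPES = {
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/compute",
}


def assess_instance(inst: dict) -> Dict[str, str]:
    """Return a finding for one instance record: name, zone, severity, reason."""
    name = inst.get("name", "<unnamed>")
    zone = inst.get("zone", "").rsplit("/", 1)[-1]  # zone is a self-link URL
    finding = {"name": name, "zone": zone}
    accounts = inst.get("serviceAccounts", [])
    if not accounts:
        return {**finding, "severity": "info", "reason": "no service account attached"}
    for sa in accounts:
        if not DEFAULT_COMPUTE_SA_RE.match(sa.get("email", "")):
            continue
        hit = sorted(set(sa.get("scopes", [])) & DANGEROUS_SCOPES)
        if hit:
            return {**finding, "severity": "high",
                    "reason": f"default compute SA with {hit[0]} scope: pivot to other instances"}
        return {**finding, "severity": "medium",
                "reason": "default compute SA with restricted scopes: review its Editor binding"}
    return {**finding, "severity": "low", "reason": "custom service account: review its roles separately"}


def audit(instances_json: str) -> List[Dict[str, str]]:
    """Assess every instance in a `gcloud compute instances list --format=json` dump."""
    return [assess_instance(inst) for inst in json.loads(instances_json)]


# Constructed sample output (project number, names and zones are made up).
_ZONE = "https://www.googleapis.com/compute/v1/projects/demo-project/zones/"
_DEFAULT_SA = "123456789012-compute@developer.gserviceaccount.com"
SAMPLE_INSTANCES_JSON = json.dumps([
    {"name": "bastion-1", "zone": _ZONE + "us-central1-a",
     "serviceAccounts": [{"email": _DEFAULT_SA,
                          "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]},
    {"name": "web-2", "zone": _ZONE + "us-central1-b",
     "serviceAccounts": [{"email": _DEFAULT_SA,
                          "scopes": ["https://www.googleapis.com/auth/devstorage.read_only",
                                     "https://www.googleapis.com/auth/logging.write",
                                     "https://www.googleapis.com/auth/monitoring.write"]}]},
    {"name": "db-3", "zone": _ZONE + "europe-west1-c",
     "serviceAccounts": [{"email": "db-runtime@demo-project.iam.gserviceaccount.com",
                          "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]},
    {"name": "isolated-4", "zone": _ZONE + "europe-west1-d"},
])

if __name__ == "__main__":
    for f in audit(SAMPLE_INSTANCES_JSON):
        print(f"{f['severity']:6} {f['name']:12} {f['zone']:16} {f['reason']}")
```

In the constructed sample only bastion-1 is the real pivot; web-2 is the situation many projects are in by default (default account, default scopes), which is one scope change away from the same exposure, hence the medium rating and the pointer at the Editor binding rather than the instance.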


Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
Users able to create a pod could have abused these to (1) escape their pod and compromise the underlying node, (2) escalate privileges and become full cluster administrators, and (3) covertly persist administrative access through backdoors that are completely invisible to cluster operators.   #attack   #gcp   #kubernetes


How to Automate the Provisioning of Narrowly-Scoped and Short-Lived Pull Secrets
Post showcasing an approach to automating the provisioning of narrowly-scoped and short-lived pull secrets within Kubernetes environments using HashiCorp Vault.   #build   #kubernetes   #vault


Triaging A Malicious Docker Container
How to triage a malicious image containing a piece of malware previously undetected in VirusTotal.   #containers   #defend


Escaping privileged containers for fun
A new technique to escape privileged containers.   #attack   #containers


Kubernetes Hardening Tutorial Part 3: Authentication, Authorization, Logging & Auditing
Learn how to set up an AWS EKS cluster with Terraform and leverage best practices to configure roles, service accounts, logging, and auditing.   #defend   #kubernetes


HCP Packer Is Now Generally Available
HCP Packer provides automation, collaboration, and security for managing images across multiple clouds. It includes image security and compliance workflows with Terraform Cloud.   #announcement   #build   #ci/cd   #terraform


Google Announces Intent to Acquire Mandiant
From the statement: "As a recognized leader in strategic security advisory and incident response services, Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cybersecurity with the largest organizations in the world."   #announcement   #gcp

Sponsor

Did you know 75% of containers have critical vulnerabilities that are patchable? Get real-world practical insights from Sysdig's 2022 Cloud-Native Security and Usage Report to help as you work to develop best practices for securing and monitoring your cloud-native environments.
Access Now

Tools


netassert
Network security testing for DevSecOps workflows.


netshoot
A Docker + Kubernetes network trouble-shooting swiss-army container.


security-profiles-operator
The Kubernetes Security Profiles Operator.


pinniped
Pinniped is the easy, secure way to log in to your Kubernetes clusters.


postinvoke
A Go package that lets you run code after your Lambda function has returned its response. Potential use cases: flushing telemetry, audit logs, etc.

From the cloud providers


#AWS   Analyze AWS WAF logs using Amazon OpenSearch Service anomaly detection built on Random Cut Forests
How to use the machine learning capabilities of Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) to detect and visualize anomalies in AWS WAF logs.


#AWS   How to configure an incoming email security gateway with Amazon WorkMail
How to integrate Amazon WorkMail with an email security gateway. Configuring WorkMail this way can provide a versatile defense strategy for inbound email threats.


#AWS   How to automate AWS account creation with SSO user assignment
How to automate creating multiple AWS accounts in AWS Control Tower, and how to automate assigning user access to the AWS accounts in AWS SSO, with the ability to repeat the process easily for subsequent batches of accounts.


#GCP   New resources to advance your Autonomic Security Operations modernization journey
The latest release of Autonomic Security Operations includes a variety of initiatives and investments, ranging from the launch of a Public Sector solution and a Community Security Analytics repository to a fully comprehensive technology stack.


#GCP   Protect your users' accounts with reCAPTCHA Enterprise's account defender
Account defender, available today in public preview, is a feature in reCAPTCHA Enterprise that analyzes the patterns of behavior for an individual account.


#GCP   Build your perfect Google Cloud infrastructure using Terraform and the gcloud CLI
Learn more about how declarative export allows you to export the current state of your infrastructure into a descriptive file compatible with Terraform.


#AZURE   Microsoft DDoS protection response guide
Receiving Distributed Denial of Service (DDoS) attack threats? This guide provides an overview of what Microsoft provides at the platform level, information on recent mitigations, and best practices.


#AZURE   Meet PCI compliance with credit card tokenization
Article presenting a solution for processing credit card payments that makes use of confidential virtual machines (CVMs) running on AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) technology.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini